the BBS Xchange
the BBS Xchange

  • Random people acessing

    From Oshogun@VERT/STARKILL to All on Mon Apr 25 21:16:51 2016
    BTW, is it normal for a lot of (what I assume to be) bots from random places (lots of IPs from russia, for example) to telnet into my BBS system and try to login as root? Some of them even throw random UNIX commands at the login prompt, so I assume they are trying to get acess into unprotected unix shells (who the hell uses telnet on a unix shell anyway).

    It seems to be harmless since none of those commands will actually work on a BBS but, it is annoying.

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Nightfox@VERT/DIGDIST to Oshogun on Mon Apr 25 15:52:29 2016
    BTW, is it normal for a lot of (what I assume to be) bots from random places (lots of IPs from russia, for example) to telnet into my BBS system and try to login as root? Some of them even throw random UNIX commands at the login prompt, so I assume they are trying to get acess into unprotected unix shells (who the hell uses telnet on a unix shell anyway).

    It seems to be harmless since none of those commands will actually work on a BBS but, it is annoying.

    It's fairly common, yes. They are probably bots/scripts trying to do something malicious. I agree they are probably harmless since those commands won't work on a BBS, but if you want to block one of them, you can add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.

    Nightfox

    ---
    ■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com
  • From Mro@VERT/BBSESINF to Nightfox on Mon Apr 25 20:55:19 2016
    Re: Random people acessing
    By: Nightfox to Oshogun on Mon Apr 25 2016 03:52 pm

    add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.



    and the jasman has a script that blocks 'em all
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Oshogun@VERT/STARKILL to Nightfox on Tue Apr 26 00:20:45 2016
    Re: Random people acessing
    By: Nightfox to Oshogun on Mon Apr 25 2016 15:52:29

    It's fairly common, yes. They are probably bots/scripts trying to do something malicious. I agree they are probably harmless since those commands won't work on a BBS, but if you want to block one of them, you can add the IP address to your ip.can file. I've heard of some scripts for Synchronet that will automatically add an IP address to your ip.can if it detects repeated logins, etc., but I don't remember offhand which scripts will do that for you.

    Yeah, I suspected as much. Well, I guess this shouldn't be a problem. It's kinda hilarious to see the bots trying to login as "cd /tmp || cd /var/run||" on a BBS.


    ----------------------------------------------------------------
    "I see the hands of man arise, with hungry mind, and open eyes"

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Ktulu@VERT/ROI to Oshogun on Tue Apr 26 20:00:46 2016
    Re: Random people acessing
    By: Oshogun to Nightfox on Tue Apr 26 2016 12:20 am

    I've got the same thing going on here, After looking into it a bit further some of these 'scripts' are attempting to login to do a Brute force on a DVR player, by logging in as "xc5311" (*shrug*)

    The only time it pisses me off is when they tie up ALL nodes of the BBS.

    -Ktulu



    Yeah, I suspected as much. Well, I guess this shouldn't be a problem. It's kinda hilarious to see the bots trying to login as "cd /tmp || cd /var/run||" on a BBS.

    ---
    ■ Synchronet ■ Realm of Insanity - Racine, WI telnet://roi.synchro.net
  • From Poindexter Fortran@VERT/REALITY to Ktulu on Wed Apr 27 07:01:46 2016
    Re: Random people acessing
    By: Ktulu to Oshogun on Tue Apr 26 2016 08:00 pm

    I've got the same thing going on here, After looking into it a bit further some of these 'scripts' are attempting to login to do a Brute force on a DVR player, by logging in as "xc5311" (*shrug*)

    I saw that too, thought it was an EMSI handshake gone awry.

    ---
    ■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org
  • From Denn Gray@VERT/OUTWEST to Ktulu on Wed Apr 27 08:26:54 2016
    Re: Random people acessing
    By: Ktulu to Oshogun on Tue Apr 26 2016 08:00 pm

    I've got the same thing going on here, After looking into it a bit further s of these 'scripts' are attempting to login to do a Brute force on a DVR play by logging in as "xc5311" (*shrug*)

    The only time it pisses me off is when they tie up ALL nodes of the BBS.

    It is halarious, Since I closed all ports except the ones I use on my BBS PC the number of bot related hits have gone down considerably.
    Before I closed ports I watched several times as all 10 nodes were being hit all at the same time, since closing ports down I see 1 node once in awhile being sniffed by a sniff bot.

    ---
    ■ Synchronet ■ The Outwest BBS - outwestbbs.com - DOORS - Files -Dove-Net
  • From Oshogun@VERT/STARKILL to Ktulu on Wed Apr 27 11:50:05 2016
    Re: Random people acessing
    By: Ktulu to Oshogun on Tue Apr 26 2016 20:00:46

    Re: Random people acessing
    By: Oshogun to Nightfox on Tue Apr 26 2016 12:20 am

    I've got the same thing going on here, After looking into it a bit further some of these 'scripts' are attempting to login to do a Brute force on a DVR player, by logging in as "xc5311" (*shrug*)

    The only time it pisses me off is when they tie up ALL nodes of the BBS.

    -Ktulu



    Yeah, I suspected as much. Well, I guess this shouldn't be a problem. It's kinda hilarious to see the bots trying to login as "cd /tmp || cd /var/run||" on a BBS.


    Yeah I just got the xc3511 too D:

    Well I use 10 nodes here and they usually just take up one at a time. Lucky me I guess.



    -------------------------------------------------------------------------
    I see the hands of men arise, with hungry mind and open eyes

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Jeff Friend@VERT/MORDOR to Denn Gray on Thu Apr 28 07:52:41 2016
    Re: Random people acessing
    By: Denn Gray to Ktulu on Wed Apr 27 2016 08:26 am

    It is halarious, Since I closed all ports except the ones I use on my BBS PC the number of bot related hits have gone down considerably.
    Before I closed ports I watched several times as all 10 nodes were being hi all at the same time, since closing ports down I see 1 node once in awhile being sniffed by a sniff bot.

    I have noticed this too. They always seem to try to log in as "root". Of course, they never get in. But in 2 or 3 days, over 2000 attempts to login like that.. I just ignore them.

    Jeff in Brisbane.

    ---
    ■ Synchronet ■ Mordor - casper.homeip.net
  • From Oshogun@VERT/STARKILL to Denn Gray on Wed Apr 27 21:00:48 2016
    Re: Random people acessing
    By: Denn Gray to Ktulu on Wed Apr 27 2016 08:26:54

    It is halarious, Since I closed all ports except the ones I use on my BBS PC the number of bot related hits have gone down considerably.
    Before I closed ports I watched several times as all 10 nodes were being hit all at the same time, since closing ports down I see 1 node once in awhile being sniffed by a sniff bot.

    Oh yes, all the ports here are closed except the ones I use in the bbs and some game servers. Leaving unecessary ports open in your router is usually not a brilliant idea.

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Ktulu@VERT/ROI to Oshogun on Wed Apr 27 19:23:43 2016
    Re: Random people acessing
    By: Oshogun to Ktulu on Wed Apr 27 2016 11:50 am

    Yeah I just got the xc3511 too D:

    Googled:
    How to reset a DVR to factory settings, and I found this:

    To reset password use telnet access with login "root" and password "xc3511". Then go to "/mnt/mtd/Config/" (cd /mnt/mtd/Config/) directory and delete all files "Account" (use "rm -f Account*" command). After reboot DVR will accept empty password for admin.

    I still think it's funny. Damn amateurs. LOL!

    -Ktulu

    ---
    ■ Synchronet ■ Realm of Insanity - Racine, WI telnet://roi.synchro.net
  • From Oshogun@VERT/STARKILL to Ktulu on Thu Apr 28 08:44:08 2016
    Re: Random people acessing
    By: Ktulu to Oshogun on Wed Apr 27 2016 19:23:43

    Re: Random people acessing
    By: Oshogun to Ktulu on Wed Apr 27 2016 11:50 am

    Yeah I just got the xc3511 too D:

    Googled:
    How to reset a DVR to factory settings, and I found this:

    To reset password use telnet access with login "root" and password "xc3511". Then go to "/mnt/mtd/Config/" (cd /mnt/mtd/Config/) directory and delete all files "Account" (use "rm -f Account*" command). After reboot DVR will accept empty password for admin.

    I still think it's funny. Damn amateurs. LOL!

    -Ktulu


    Now I just feel like making a "root/xc3511" account with no privileges on the bbs just to see what they do when they get access :')

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Ktulu@VERT/ROI to Oshogun on Fri Apr 29 10:04:24 2016
    Re: Random people acessing
    By: Oshogun to Ktulu on Thu Apr 28 2016 08:44 am

    Now I just feel like making a "root/xc3511" account with no privileges on the bbs just to see what they do when they get access :')

    I know! I thought about doing the same thing.
    Or maybe when they login with the account send about a 2GB text listing of movies to their screen then hangup.

    -Ktulu

    ---
    ■ Synchronet ■ Realm of Insanity - Racine, WI telnet://roi.synchro.net
  • From tracker1@VERT/TRNTEST to Jeff Friend on Sat Apr 30 17:37:17 2016
    I have noticed this too. They always seem to try to log in as "root". Of
    course, they never get in. But in 2 or 3 days, over 2000 attempts to login like that.. I just ignore them.

    I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after 10 seconds without two escape key presses.. similar to the old dialers, but this time to disconnect the bots before they even get to a login prompt.

    --
    Michael J. Ryan
    tracker1(at)gmail.com
    +o Roughneck BBS

    ---
    ■ Synchronet ■ RoughneckBBS - http://www.roughneckbbs.com/
  • From Nightfox@VERT/DIGDIST to tracker1 on Sat Apr 30 21:33:45 2016
    Re: Re: Random people acessing
    By: tracker1 to Jeff Friend on Sat Apr 30 2016 17:37:17

    I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after 10 seconds without two escape key presses.. similar to the old dialers, but this time to disconnect the bots before they even get to a login prompt.

    Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything).
    Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.

    Nightfox

    ---
    ■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com
  • From Jeff Friend@VERT/MORDOR to tracker1 on Sun May 1 14:55:04 2016
    Re: Re: Random people acessing
    By: tracker1 to Jeff Friend on Sat Apr 30 2016 05:37 pm

    I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after 10 seconds without two escape key presses.. similar to the old dialers, but thi time to disconnect the bots before they even get to a login prompt.

    I remember seeing that on alot of bbs's years ago too> Would be an idea..

    Jeff

    ---
    ■ Synchronet ■ Mordor - casper.homeip.net
  • From Mro@VERT/BBSESINF to tracker1 on Sun May 1 10:25:16 2016
    Re: Re: Random people acessing
    By: tracker1 to Jeff Friend on Sat Apr 30 2016 05:37 pm

    I have noticed this too. They always seem to try to log in as "root". Of
    course, they never get in. But in 2 or 3 days, over 2000 attempts to login like that.. I just ignore them.

    I keep thinking, one could run a script at the top of their login script to "You have 10 seconds to press Esc twice." where it just disconnects after
    10 seconds without two escape key presses.. similar to the old dialers, but this time to disconnect the bots before they even get to a login prompt.


    i have a capcha script that blocks everybody and then removes them and whitelists their ip once they solve it. it blocks a lot but there's an unlimited amount of attackers.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Patch@VERT/R2LOTW to Nightfox on Sun May 1 16:05:59 2016
    Re: Re: Random people acessing
    By: Nightfox to tracker1 on Sat Apr 30 2016 09:33 pm

    Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything). Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.

    Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?

    I thought PeerBlock had a function like that, but didn't see it when I looked the last time.

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net=

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Spacesst@VERT/SPACESST to Mro on Sun May 1 15:50:48 2016
    Re: Re: Random people acessing
    By: Mro to tracker1 on Sun May 01 2016 10:25:16

    i have a capcha script that blocks everybody and then removes them and whitelists their ip once they solve it. it blocks a lot but there's an unlimited amount of attackers.
    unlimited amount of attackers.

    Why not a Script with 3 connections in 5 min , and block the ip for 30 min
    or indefinitly , also a Block DNS server to detect bad ip

    ... Chuck Norris can have his cake and eat it too.

    ---
    ■ Synchronet ■ SpaceSST BBS Usenet Gateway
  • From Mro@VERT/BBSESINF to Patch on Sun May 1 19:31:49 2016
    Re: Re: Random people acessing
    By: Patch to Nightfox on Sun May 01 2016 04:05 pm


    I thought PeerBlock had a function like that, but didn't see it when I looked the last time.


    peerblock does that, if you add the ip address to a custom list.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Mro@VERT/BBSESINF to Spacesst on Sun May 1 19:33:22 2016
    Re: Re: Random people acessing
    By: Spacesst to Mro on Sun May 01 2016 03:50 pm

    Why not a Script with 3 connections in 5 min , and block the ip for 30 min
    or indefinitly , also a Block DNS server to detect bad ip



    because if they are a blocked straightaway if they are not a bbs user.
    i dont have to add all the "if they do this and that" stuff.

    i only had a few morons type the wrong capcha and answer yes twice when i asked them if they were sure.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Nightfox@VERT/DIGDIST to Patch on Sun May 1 17:55:00 2016
    Re: Re: Random people acessing
    By: Patch to Nightfox on Sun May 01 2016 16:05:59

    Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?

    Yeah, you can add an IP address to the file ip.can to have Synchronet block the IP address from getting through. If you use the Windows version of Synchronet, one way to edit your ip.can is from sbbsctrl, go to BBS > Filters > IP address filter.

    Another thing you could do is if your router supports iptables, you could add
    a line to your router's iptables configuration to block the IP address. Then your router would block it so the request wouldn't have to go to your Synchronet BBS.

    Nightfox

    ---
    ■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com
  • From Oshogun@VERT/STARKILL to Ktulu on Sun May 1 10:47:03 2016
    Re: Random people acessing
    By: Ktulu to Oshogun on Fri Apr 29 2016 10:04:24

    Or maybe when they login with the account send about a 2GB text listing of movies to their screen then hangup.

    This. This is beautiful. I like it.

    ---
    ■ Synchronet ■ STARKILLER BBS- A brazillian bbs.
  • From Patch@VERT/R2LOTW to Mro on Mon May 2 07:30:41 2016
    Re: Re: Random people acessing
    By: Mro to Patch on Sun May 01 2016 07:31 pm

    peerblock does that, if you add the ip address to a custom list.

    I thought it had a way, thanks for reminding me now. =)

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
    = Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Patch@VERT/R2LOTW to Nightfox on Mon May 2 07:34:44 2016
    Re: Re: Random people acessing
    By: Nightfox to Patch on Sun May 01 2016 05:55 pm

    Yeah, you can add an IP address to the file ip.can to have Synchronet block the IP address from getting through. If you use the Windows version of Synchronet, one way to edit your ip.can is from sbbsctrl, go to BBS > Filters > IP address filter.

    VERY good to know, thank you!

    I had to modify my Guest log in so that they could get limited things, but I still see someone trying to hack into the board using unix commands and shell as the username.

    While humorous, I'd rather be proactive with that kind-of thing.


    Another thing you could do is if your router supports iptables, you could add a line to your router's iptables configuration to block the IP address. Then your router would block it so the request wouldn't have to go to your Synchronet BBS.

    Ahhh ... forgot about doing it that way.

    So many ways ... =) Thanks again Nightfox!

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
    = Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Denn Gray@VERT/OUTWEST to Patch on Mon May 2 08:10:03 2016
    Re: Re: Random people acessing
    By: Patch to Nightfox on Sun May 01 2016 04:05 pm

    Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?

    Mystic has an autoblocker 4 attempts in 20 seconds blocks ip.

    ---
    ■ Synchronet ■ The Outwest BBS - outwestbbs.com - DOORS - Files -Dove-Net
  • From Patch@VERT/R2LOTW to Denn Gray on Mon May 2 11:51:10 2016
    Re: Re: Random people acessing
    By: Denn Gray to Patch on Mon May 02 2016 08:10 am

    Mystic has an autoblocker 4 attempts in 20 seconds blocks ip.

    Very nice.

    I use an application called PeerBlock which connects to known anti-spam servers, downloads lists and implements that on the network.

    One thing that you can do is create a list yourself to be included. After looking at the FTP logs I blocked out a section of IP addresses that seemed to be trying to connect using the 'root' username.

    If you want to go that route please let me know, I'm willing to help get it set up for you and show you how to use it.

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
    = Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Mro@VERT/BBSESINF to Denn Gray on Mon May 2 17:37:36 2016
    Re: Re: Random people acessing
    By: Denn Gray to Patch on Mon May 02 2016 08:10 am

    Re: Re: Random people acessing
    By: Patch to Nightfox on Sun May 01 2016 04:05 pm

    Curious on this though, is there any method either witnin SBBS or with another software package that can block an IP address from even getting through?

    Mystic has an autoblocker 4 attempts in 20 seconds blocks ip.



    are they still using those blocklists meant for email spam as a general block list?

    i always thought that was stupid. most residential ips are added to those lists.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Xucaen@VERT/TIMEPORT to Oshogun on Mon May 2 21:06:25 2016
    BTW, is it normal for a lot of (what I assume to be) bots from random places >(lots of IPs from russia, for example) to telnet into my BBS system and try to >login as root? Some of them even throw random UNIX commands at the login >prompt, so I assume they are trying to get acess into unprotected unix shells >(who the hell uses telnet on a unix shell anyway).

    It seems to be harmless since none of those commands will actually work on a >BBS but, it is annoying.


    That happened to me to day after I started running my BBS. I used noip.com and somehow it was made visible to spammers trying to hack in. After changing my url and using Synchronet's IP forward service, that hasn't happened.

    ---
    ■ Synchronet ■ The Time Portal - timeport.synchro.net:2112 - Home of Labyrinth.
  • From Denn Gray@VERT/OUTWEST to Patch on Tue May 3 08:01:52 2016
    Re: Re: Random people acessing
    By: Patch to Denn Gray on Mon May 02 2016 11:51 am

    I use an application called PeerBlock which connects to known anti-spam servers, downloads lists and implements that on the network.

    I really don't have to much of a problem since I block all ports except the ones needed by synchronet, you can also block country ips such as China and Russia.

    ---
    ■ Synchronet ■ The Outwest BBS - outwestbbs.com - DOORS - Files -Dove-Net
  • From Denn Gray@VERT/OUTWEST to Mro on Tue May 3 08:09:16 2016
    Re: Re: Random people acessing
    By: Mro to Denn Gray on Mon May 02 2016 05:37 pm

    are they still using those blocklists meant for email spam as a general block list?

    I don't know, I ran Mystic for a couple of months but switched back to Synchronet, I just remember the autoblocker feature on Mystic.

    ---
    ■ Synchronet ■ The Outwest BBS - outwestbbs.com - DOORS - Files -Dove-Net
  • From Patch@VERT/R2LOTW to Denn Gray on Tue May 3 13:39:05 2016
    Re: Re: Random people acessing
    By: Denn Gray to Patch on Tue May 03 2016 08:01 am

    I really don't have to much of a problem since I block all ports except the ones needed by synchronet, you can also block country ips such as China and Russia.

    Another good suggestion. =)

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
    = Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Goose@VERT/ROTHBBSN to Patch on Tue May 3 23:39:44 2016
    Re: Re: Random people acessing
    By: Patch to Denn Gray on Tue May 03 2016 13:39:05

    Hi Guys,

    why dont use the program PEERBLOCK ?
    Under Windows, you can block blacklisted IPs/Bots from your computer who is running the BBS.

    PeerBlock is open source. i use it on my bbs as well.

    Greetings
    Mike

    ---
    ■ Synchronet ■ Roth BBS Net - rothbbs.ddns.net
  • From Patch@VERT/R2LOTW to Goose on Tue May 3 17:15:32 2016
    Re: Re: Random people acessing
    By: Goose to Patch on Tue May 03 2016 11:39 pm

    why dont use the program PEERBLOCK ?

    Yep, I am =)

    I forgot that you could import your own lists to block set IP addresses. It seems to have worked well as I don't have the person trying to hack the telnet port using ROOT as the username. At least not from that IP address...

    -Patch


    ---------------------------------------------------------------------------
    = Return To The Lair of the Wolverine = Telet:r2lotw.synchro.net =
    = Discord Global BBS Community = http://discord.gg/0yCxVosom5t6QNk5 =

    ---
    ■ Synchronet ■ R2LOTW - Reliving The Past - r2lotw.synchro.net - 24/7 - Games, Files, Messages.
  • From Mro@VERT/BBSESINF to Denn Gray on Tue May 3 19:50:00 2016
    Re: Re: Random people acessing
    By: Denn Gray to Patch on Tue May 03 2016 08:01 am


    I use an application called PeerBlock which connects to known anti-spam servers, downloads lists and implements that on the network.

    I really don't have to much of a problem since I block all ports except the ones needed by synchronet, you can also block country ips such as China and Russia.


    yeah but it takes the stress away from the bbs when there are attackers hitting the bbs ports.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From tracker1@VERT/TRNTEST to Nightfox on Sat May 21 15:12:06 2016
    Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything).
    Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.

    The main point was to drop the connection in < 10 seconds, instead of the typical timeout... the bots sometimes have 3+ connections open.

    --
    Michael J. Ryan
    tracker1(at)gmail.com
    +o Roughneck BBS

    ---
    ■ Synchronet ■ RoughneckBBS - http://www.roughneckbbs.com/
  • From Jahmas@VERT/JAHMAS to Nightfox on Wed Aug 10 16:11:44 2016
    Re: Re: Random people acessing
    By: Nightfox to tracker1 on Sat Apr 30 2016 09:33 pm

    Seems like that could add an unnecessary hassle, since most of these bots probably won't be able to do anything anyway (you probably don't have a user named 'root', and the commands they try to use won't do anything). Several years ago, I added a login matrix to my BBS, and I figure that should also keep most of the bots out since these bots don't know how to use a login matrix. I suppose that only works with telnet though; bots could still try to log in via SSH.

    I have script kiddies who do get into my logon matrix and upload strange batch files in the sysop message option. They are stupidly written batches that look like a crude attempt to log into a remote FTP server. I am terrible at writing code but at least I know it's worthless batchfile programming

    ---
    ■ Synchronet ■ Alpha Centauri BBS - Cape Cod Massachusetts
  • From Mro@VERT/BBSESINF to Jahmas on Sat Aug 13 14:21:37 2016
    Re: Re: Random people acessing
    By: Jahmas to Nightfox on Wed Aug 10 2016 04:11 pm

    batch files in the sysop message option. They are stupidly written batches that look like a crude attempt to log into a remote FTP server. I am terrible at writing code but at least I know it's worthless batchfile programming


    it's not batchfile programming. they are scripted commands.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::